From: sambufe <samuel.bufe@publicispixelpark.de>
Date: Thu, 6 Apr 2017 10:05:39 +0000 (+0200)
Subject: added CSP header on Orat test and PRD
X-Git-Tag: v0.1.0~3293^2~1^2
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=43499ca76a97ff6efe6e0415dd09e97c80b6774a;p=pixelpark%2Fhiera.git

added CSP header on Orat test and PRD
---

diff --git a/customer/fbb-orat/test.yaml b/customer/fbb-orat/test.yaml
index f8092a5c..7c0e87fa 100644
--- a/customer/fbb-orat/test.yaml
+++ b/customer/fbb-orat/test.yaml
@@ -53,7 +53,7 @@ infra::profile::wordpress::projects:
       - 'set Cache-Control "private, no-cache, no-store, must-revalidate, max-age=0"'
       - 'set Pragma "no-cache"'
       - 'set Expires 0'
-#      - "set Content-Security-Policy: \"default-src 'self' www.youtube.com; img-src 'self' *.fbcdn.net secure.gravatar.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net data:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net; child-src 'self' *.facebook.com; frame-ancestors 'self';\""
+      - "set Content-Security-Policy: \"default-src 'self' www.youtube.com; img-src 'self' *.fbcdn.net secure.gravatar.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net data:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net; child-src 'self' *.facebook.com; frame-ancestors 'self';\""
     directories:
       - provider: location
         path: '/wp-admin/'